Chromium Code Reviews Chromium Code Reviews
Issue 884073002:
Implement chrome.platformKeys.getKeyPair(). (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@cert_impl2| Index: chrome/test/data/extensions/api_test/platform_keys/basic.js |
| diff --git a/chrome/test/data/extensions/api_test/platform_keys/basic.js b/chrome/test/data/extensions/api_test/platform_keys/basic.js |
| index 9c643e51987dfa667ecd448ec7dd024c5ded7fbc..954977b3fcb6285ffb6712610e889b61771a72a1 100644 |
| --- a/chrome/test/data/extensions/api_test/platform_keys/basic.js |
| +++ b/chrome/test/data/extensions/api_test/platform_keys/basic.js |
| @@ -79,6 +79,97 @@ var clientCert1 = new Uint8Array([ |
| 0x6b, 0x23, 0x11, 0xba, 0x1e, 0x03 |
| ]); |
| +// The public key of clientCert1 as Subject Public Key Info in DER encoding. |
| +var clientPubkey1 = new Uint8Array([ |
| + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, |
| + 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, |
| + 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xd5, 0xdf, 0xba, |
| + 0x34, 0xcb, 0xc2, 0x03, 0xb5, 0x37, 0x7a, 0x61, 0x89, 0x1a, 0xb5, 0x1a, |
| + 0xb9, 0x27, 0x7f, 0xa9, 0x2c, 0xba, 0xa1, 0x36, 0xac, 0x83, 0x6d, 0xb8, |
| + 0x45, 0x9e, 0x35, 0x82, 0xa4, 0xde, 0xa3, 0x69, 0x38, 0x25, 0x84, 0x57, |
| + 0x00, 0x8c, 0x41, 0x84, 0x86, 0x6d, 0x78, 0x41, 0xd4, 0x10, 0x99, 0x1b, |
| + 0x15, 0x18, 0xa6, 0x04, 0x2f, 0x92, 0xa0, 0x1c, 0x29, 0xc3, 0xe0, 0x5d, |
| + 0xe2, 0x90, 0x11, 0x2c, 0xfa, 0xac, 0x18, 0x0d, 0xfe, 0x5e, 0x8d, 0x5c, |
| + 0x5a, 0x01, 0x4a, 0xf7, 0x2c, 0xc9, 0x6e, 0x39, 0x8e, 0x14, 0x30, 0xd9, |
| + 0xfc, 0xf6, 0x6a, 0xee, 0x9d, 0xa3, 0xba, 0x23, 0xfe, 0x5d, 0xaa, 0x2f, |
| + 0x96, 0x07, 0x65, 0x38, 0xca, 0xa4, 0x3c, 0xd2, 0x93, 0x21, 0xb0, 0xb6, |
| + 0xdb, 0xfb, 0x40, 0x12, 0x00, 0x01, 0x99, 0x30, 0x41, 0x67, 0xe2, 0x2f, |
| + 0x65, 0x63, 0x71, 0xaa, 0xa6, 0xef, 0x45, 0x23, 0x05, 0x8b, 0xb4, 0x28, |
| + 0x6c, 0x35, 0xbf, 0x41, 0x73, 0x61, 0xf1, 0x9e, 0x77, 0x8c, 0xa7, 0x51, |
| + 0xcf, 0xc7, 0x51, 0x63, 0xc7, 0x00, 0xab, 0x4e, 0xa3, 0xe5, 0x8f, 0xfe, |
| + 0x3c, 0x45, 0xfa, 0x9e, 0xd2, 0x29, 0xbc, 0x59, 0x94, 0x7d, 0x14, 0xc9, |
| + 0x36, 0xdf, 0xcd, 0x0a, 0xb5, 0x9f, 0xbf, 0xac, 0xfd, 0x1d, 0x2b, 0x6d, |
| + 0xe5, 0x13, 0x30, 0x14, 0x71, 0xde, 0x77, 0xdf, 0x83, 0xf3, 0x6d, 0x2c, |
| + 0xcd, 0x16, 0xc0, 0xa5, 0xdc, 0xf2, 0x1f, 0x65, 0x86, 0x37, 0x91, 0x2f, |
| + 0x31, 0x66, 0x7e, 0x1a, 0x4b, 0x42, 0xb7, 0x29, 0xe1, 0xcd, 0x1d, 0xc9, |
| + 0x72, 0x0e, 0x65, 0x8e, 0xa9, 0x4c, 0x74, 0x2e, 0x90, 0xb7, 0xe0, 0x91, |
| + 0x0c, 0xe8, 0xfe, 0x92, 0x26, 0xa7, 0x17, 0x9a, 0xb6, 0x25, 0x7f, 0x66, |
| + 0x89, 0x2f, 0xbf, 0x54, 0xa7, 0x51, 0x4c, 0xe6, 0x8f, 0x4d, 0x34, 0xa1, |
| + 0xc3, 0x02, 0x03, 0x01, 0x00, 0x01 |
| +]); |
|
Ryan Sleevi
2015/02/03 01:44:51
Is there no way to move all this test data into se
pneubeck (no reviews)
2015/02/03 20:15:00
I assume that you mean adding files that contains
pneubeck (no reviews)
2015/02/04 20:59:20
changed to XHR loading local files.
|
| + |
| +// echo -n "hello world" > input |
| +// xxd -i input |
| +var rawData = new Uint8Array([ |
| + 0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64 |
| +]); |
| + |
| +// openssl rsautl -inkey net/data/ssl/certificates/client_1.key -sign -in input |
| +// -pkcs -out signature.pkcs |
| +// xxd -i signature.pkcs |
| +var signatureNoHashPkcs = new Uint8Array([ |
| + 0x6a, 0x79, 0xf2, 0x64, 0x3f, 0x5e, 0xa5, 0xe6, 0xab, 0xbc, 0x64, 0x17, |
| + 0xab, 0x6b, 0x7c, 0x56, 0xc2, 0xfc, 0xf5, 0xd0, 0x23, 0x21, 0x70, 0x59, |
| + 0xda, 0x18, 0xc5, 0x15, 0x6f, 0x5f, 0xab, 0x9a, 0x6e, 0x37, 0xc2, 0xcf, |
| + 0x4a, 0xea, 0x35, 0x98, 0x15, 0x01, 0xe6, 0xf9, 0x73, 0x87, 0x6a, 0x4f, |
| + 0x39, 0x48, 0xdd, 0x54, 0x46, 0x9a, 0xc2, 0xcb, 0xf4, 0x72, 0x4e, 0x02, |
| + 0x20, 0xda, 0x71, 0x37, 0xcd, 0xf3, 0xf2, 0xd1, 0x8d, 0x6b, 0x65, 0xed, |
| + 0xf2, 0x78, 0xc7, 0x7e, 0x39, 0xad, 0x29, 0x73, 0x37, 0xb7, 0x06, 0x13, |
| + 0x60, 0xad, 0x13, 0xaf, 0xe2, 0x85, 0x4c, 0xba, 0x85, 0xd5, 0xa2, 0xc4, |
| + 0x59, 0x5b, 0x1a, 0x95, 0xd1, 0xc1, 0xf9, 0x1b, 0x9f, 0x83, 0x5c, 0xd5, |
| + 0xd4, 0xa7, 0xda, 0xa0, 0x7c, 0x08, 0xb5, 0x9e, 0xdb, 0x9e, 0x2f, 0xa2, |
| + 0xc4, 0x23, 0x9f, 0x2f, 0x3d, 0x84, 0xc7, 0xc8, 0xaa, 0x26, 0xce, 0x1a, |
| + 0xd6, 0x54, 0x78, 0x2b, 0x78, 0x78, 0x22, 0x63, 0xb5, 0x6b, 0xa0, 0xdb, |
| + 0xf3, 0xfe, 0x57, 0x13, 0xd0, 0x75, 0x57, 0x11, 0x7d, 0xf0, 0xe1, 0x34, |
| + 0x39, 0x7c, 0xac, 0xef, 0xc9, 0x86, 0xec, 0xd3, 0x14, 0x05, 0x5a, 0x81, |
| + 0x81, 0xdc, 0x29, 0x56, 0xe3, 0x55, 0x8f, 0xdf, 0xad, 0xb1, 0x27, 0x86, |
| + 0x36, 0xa6, 0x60, 0x17, 0x62, 0x87, 0xee, 0x75, 0x06, 0x62, 0xd2, 0xef, |
| + 0xf9, 0x6e, 0x99, 0x77, 0x0e, 0xea, 0xc6, 0xb8, 0xce, 0xbc, 0x4a, 0x8a, |
| + 0x61, 0xe3, 0x28, 0x86, 0x55, 0x90, 0x98, 0x51, 0x84, 0xe4, 0x86, 0xb2, |
| + 0x40, 0xa5, 0x5b, 0x31, 0x45, 0xce, 0xf2, 0xe8, 0xb2, 0x20, 0xc8, 0x60, |
| + 0x8a, 0xae, 0xab, 0x94, 0x1c, 0x6f, 0xfb, 0x30, 0x47, 0x71, 0x77, 0x5d, |
| + 0xbf, 0x27, 0x94, 0xfc, 0xf6, 0xe2, 0x8c, 0x4d, 0xd0, 0xc6, 0x3e, 0x2a, |
| + 0xbb, 0xdd, 0xda, 0x89 |
| +]); |
| + |
| +// openssl dgst -sha1 -sign net/data/ssl/certificates/client_1.key |
| +// -out signature.pkcs_sha1 input |
| +// xxd -i signature.pkcs_sha1 |
| +var signatureSha1Pkcs = new Uint8Array([ |
| + 0x74, 0x51, 0xe0, 0x09, 0xd7, 0xd2, 0xf3, 0xa1, 0xa0, 0x29, 0xec, 0x03, |
| + 0x2a, 0x75, 0x92, 0xac, 0x23, 0x86, 0x47, 0x37, 0x07, 0x8a, 0x66, 0xe3, |
| + 0x6b, 0x8f, 0x8e, 0xbf, 0x8e, 0x48, 0xab, 0x14, 0xe1, 0x54, 0x90, 0xd0, |
| + 0xf3, 0x94, 0xdb, 0x15, 0x5f, 0x05, 0xaf, 0x00, 0x8c, 0xb5, 0xac, 0x26, |
| + 0x85, 0xa9, 0xb4, 0xdc, 0x3a, 0x09, 0x9e, 0x13, 0x0a, 0x60, 0xbf, 0x8e, |
| + 0x9e, 0xc5, 0x42, 0xb0, 0x5d, 0x66, 0x5b, 0x82, 0xc9, 0xd0, 0x7b, 0xb9, |
| + 0x4c, 0x6f, 0xfb, 0xcc, 0x5c, 0xb3, 0x92, 0x98, 0xf6, 0x7e, 0x7d, 0xaa, |
| + 0x46, 0xb4, 0xc6, 0x81, 0x7e, 0x3a, 0x31, 0xe5, 0x46, 0x45, 0x08, 0x81, |
| + 0x1e, 0x1d, 0x0a, 0x9f, 0x71, 0x72, 0x6e, 0x7e, 0x24, 0x52, 0x93, 0x24, |
| + 0x78, 0x66, 0x71, 0x99, 0xa9, 0x03, 0xdc, 0xc9, 0x90, 0xe0, 0x5d, 0x9c, |
| + 0x45, 0x2a, 0xc3, 0x70, 0x6e, 0xa0, 0x82, 0xbb, 0x56, 0xd3, 0x00, 0x02, |
| + 0x30, 0x30, 0x2c, 0xb9, 0xe3, 0x6e, 0x9b, 0x2a, 0x9d, 0x81, 0xc3, 0x41, |
| + 0xb9, 0xfc, 0x63, 0x2c, 0x8c, 0xb5, 0x49, 0x9f, 0xc7, 0x08, 0x56, 0x87, |
| + 0x93, 0x69, 0x5d, 0xab, 0x78, 0xbb, 0xce, 0x5c, 0x24, 0xd3, 0x42, 0x60, |
| + 0x9a, 0xec, 0xa0, 0x4d, 0xa9, 0x8d, 0x79, 0x3b, 0xf7, 0xed, 0xc0, 0x03, |
| + 0x54, 0xc3, 0x1f, 0x91, 0x8b, 0xbd, 0x31, 0x08, 0x11, 0xa1, 0xe7, 0xcd, |
| + 0x53, 0x38, 0x8c, 0x32, 0x03, 0xc1, 0x88, 0x0a, 0xc4, 0x01, 0x3e, 0xfe, |
| + 0xb6, 0x56, 0x78, 0xdb, 0x7c, 0x7d, 0xe4, 0xe8, 0xca, 0xa5, 0xc5, 0x37, |
| + 0xda, 0xa4, 0xa2, 0x16, 0x6b, 0x66, 0xb0, 0x89, 0x28, 0x32, 0x90, 0xd2, |
| + 0xb8, 0xb1, 0x1c, 0x21, 0xcb, 0x3a, 0x68, 0xef, 0x18, 0x1e, 0x84, 0xc9, |
| + 0x6e, 0xe1, 0xc5, 0xb1, 0x8d, 0x23, 0x1b, 0xc2, 0xa6, 0xc7, 0x37, 0x7a, |
| + 0x76, 0x67, 0xb8, 0xa0 |
| +]); |
| + |
| // The distinguished name of the CA that issued clientCert1 in DER encoding. |
| var ca1DistinguishedNameDER = new Uint8Array([ |
| 0x30, 0x0f, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, |
| @@ -195,6 +286,47 @@ function assertCertsSelected(request, expectedCerts, callback) { |
| })); |
| } |
| +function checkAlgorithmIsCopiedOnRead(key) { |
| + var algorithm = key.algorithm; |
| + var originalAlgorithm = { |
| + name: algorithm.name, |
| + modulusLength: algorithm.modulusLength, |
| + publicExponent: algorithm.publicExponent, |
| + hash: {name: algorithm.hash.name} |
| + }; |
| + var originalModulusLength = algorithm.modulusLength; |
| + algorithm.hash.name = null; |
| + algorithm.hash = null; |
| + algorithm.name = null; |
| + algorithm.modulusLength = null; |
| + algorithm.publicExponent = null; |
| + assertEq(originalAlgorithm, key.algorithm); |
| +} |
| + |
| +function checkPropertyIsReadOnly(object, key) { |
| + var original = object[key]; |
| + try { |
| + object[key] = {}; |
| + fail('Expected the property to be read-only and an exception to be thrown'); |
| + } catch (error) { |
| + assertEq(original, object[key]); |
| + } |
| +} |
| + |
| +function checkPrivateKeyFormat(privateKey) { |
| + assertEq('private', privateKey.type); |
| + assertEq(false, privateKey.extractable); |
| + checkPropertyIsReadOnly(privateKey, 'algorithm'); |
| + checkAlgorithmIsCopiedOnRead(privateKey); |
| +} |
| + |
| +function checkPublicKeyFormat(publicKey) { |
| + assertEq('public', publicKey.type); |
| + assertEq(true, publicKey.extractable); |
| + checkPropertyIsReadOnly(publicKey, 'algorithm'); |
| + checkAlgorithmIsCopiedOnRead(publicKey); |
| +} |
| + |
| function testStaticMethods() { |
| assertTrue(!!chrome.platformKeys, "No platformKeys namespace."); |
| assertTrue(!!chrome.platformKeys.selectClientCertificates, |
| @@ -202,6 +334,14 @@ function testStaticMethods() { |
| succeed(); |
| } |
| +function testHasSubtleCryptoMethods(token) { |
| + assertTrue(!!token.subtleCrypto.generateKey, |
| + "token has no generateKey method"); |
| + assertTrue(!!token.subtleCrypto.sign, "token has no sign method"); |
| + assertTrue(!!token.subtleCrypto.exportKey, "token has no exportKey method"); |
| + succeed(); |
| +} |
| + |
| function testSelectAllCerts() { |
| var requestAll = { |
| certificateTypes: [], |
| @@ -221,11 +361,115 @@ function testSelectCA1Certs() { |
| assertCertsSelected(requestCA1, [clientCert1]); |
| } |
| +function testMatchResult() { |
| + var requestCA1 = { |
| + certificateTypes: [], |
| + certificateAuthorities: [ca1DistinguishedNameDER.buffer] |
| + }; |
| + chrome.platformKeys.selectClientCertificates( |
| + {interactive: false, request: requestCA1}, |
| + callbackPass(function(matches) { |
| + var expectedAlgorithm = { |
| + modulusLength: 2048, |
| + name: "RSASSA-PKCS1-v1_5", |
| + publicExponent: new Uint8Array([0x01, 0x00, 0x01]) |
| + }; |
| + var actualAlgorithm = matches[0].keyAlgorithm; |
| + assertEq( |
| + expectedAlgorithm, actualAlgorithm, |
| + 'Member algorithm of Match does not equal the expected algorithm'); |
| + })); |
| +} |
| + |
| +function getClientCert1Keys(keyParams, callback) { |
| + var requestCA1 = { |
| + certificateTypes: [], |
| + certificateAuthorities: [ca1DistinguishedNameDER.buffer] |
| + }; |
| + chrome.platformKeys.selectClientCertificates( |
| + {interactive: false, request: requestCA1}, |
| + callbackPass(function(matches) { |
| + chrome.platformKeys.getKeyPair(matches[0].certificate, keyParams, |
| + callback); |
| + })); |
| +} |
| + |
| +function testGetKeyPair() { |
| + var keyParams = { |
| + // Algorithm names are case-insensitive. |
| + 'hash': {'name': 'sha-1'} |
| + }; |
| + getClientCert1Keys(keyParams, callbackPass(function(publicKey, privateKey) { |
| + var expectedAlgorithm = { |
| + modulusLength: 2048, |
| + name: "RSASSA-PKCS1-v1_5", |
| + publicExponent: new Uint8Array([0x01, 0x00, 0x01]), |
| + hash: {name: 'SHA-1'} |
| + }; |
| + assertEq(expectedAlgorithm, publicKey.algorithm); |
| + assertEq(expectedAlgorithm, privateKey.algorithm); |
| + |
| + checkPublicKeyFormat(publicKey); |
| + checkPrivateKeyFormat(privateKey); |
| + |
| + chrome.platformKeys.subtleCrypto() |
| + .exportKey('spki', publicKey) |
| + .then(callbackPass(function(actualPublicKeySpki) { |
| + assertTrue(compareArrays(clientPubkey1, actualPublicKeySpki) == 0, |
| + 'Match did not contain correct public key'); |
| + }), |
| + function(error) { fail("Export failed: " + error); }); |
| + })); |
| +} |
| + |
| +function testSignNoHash() { |
| + var keyParams = { |
| + // Algorithm names are case-insensitive. |
| + hash: {name: 'NONE'} |
| + }; |
| + var signParams = { |
| + name: 'RSASSA-PKCS1-v1_5' |
| + }; |
| + getClientCert1Keys(keyParams, callbackPass(function(publicKey, privateKey) { |
| + chrome.platformKeys.subtleCrypto() |
| + .sign(signParams, privateKey, rawData) |
| + .then(callbackPass(function(signature) { |
| + var actualSignature = new Uint8Array(signature); |
| + assertTrue(compareArrays(signatureNoHashPkcs, actualSignature) == 0, |
| + 'Incorrect signature'); |
| + })); |
| + })); |
| +} |
| + |
| +function testSignSha1() { |
| + var keyParams = { |
| + // Algorithm names are case-insensitive. |
| + hash: {name: 'Sha-1'} |
| + }; |
| + var signParams = { |
| + // Algorithm names are case-insensitive. |
| + name: 'RSASSA-Pkcs1-v1_5' |
| + }; |
| + getClientCert1Keys(keyParams, callbackPass(function(publicKey, privateKey) { |
| + chrome.platformKeys.subtleCrypto() |
| + .sign(signParams, privateKey, rawData) |
| + .then(callbackPass(function(signature) { |
| + var actualSignature = new Uint8Array(signature); |
| + assertTrue(compareArrays(signatureSha1Pkcs, actualSignature) == 0, |
| + 'Incorrect signature'); |
| + })); |
| + })); |
| +} |
| + |
| function runTests() { |
| var tests = [ |
| testStaticMethods, |
| testSelectAllCerts, |
| - testSelectCA1Certs |
| + testSelectCA1Certs, |
| + testMatchResult, |
| + testGetKeyPair, |
| + testSignNoHash, |
| + testSignSha1 |
| ]; |
| chrome.test.runTests(tests); |
